Skip to main content

Sierra Wireless Patches Critical Vulns in Range of Wireless Routers

posted onMay 8, 2018
by l33tdawg

Sierra Wireless has patched two critical vulnerabilities for its range of wireless gateways that would leave the enterprise devices helpless to an array of remote threats, including the charms of the Reaper IoT botnet.

The more critical of the two (with a 9.4 CVSSv3 Temp Score) is a privilege-escalation bug (CVE-2018-10251), which could allow a remote attacker with no authentication whatsoever to the device to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges.

The second issue (slightly less alarming with an 8.4 CVSSv3 Temp Score) is also a privilege-escalation flaw (CVE-2017-15043) that allows remote code execution and device takeover; however, the vulnerability is due to insufficient input validation on user-controlled input in an HTTP request to the targeted device. An attacker would need to be in possession of router login credentials to exploit the vulnerability; after that, he or she could do so by sending a crafted HTTP request to the affected system.

Source

Tags

Security Wireless

You May Also Like

Recent News

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th